Worker Type
Regular
Job Description
Summary
The CMMC Specialist serves as AV's primary technical authority on the Cybersecurity Maturity Model Certification (CMMC) framework and is responsible for leading the organization's readiness, compliance execution, and control implementation efforts. This role plays a critical part in AV's top-priority initiative to achieve and sustain CMMC 2.0 certification, ensuring that all required technical, administrative, and physical controls are properly implemented, validated, and documented across the enterprise.
In addition to deep CMMC expertise, the CMMC Specialist supports broader cybersecurity compliance obligations including SOX, UKCE, ITAR, EAR, and other applicable regulatory frameworks. The role conducts detailed gap analyses, guides technical teams through control implementation, oversees evidence management, and ensures AV maintains a complete, accurate, and audit-ready compliance posture. While not a program management role, this position provides leadership, strategic insight, and cross-functional guidance to ensure compliance activities are executed effectively across the organization.
Position Responsibilities
CMMC Leadership & Expertise
Serve as AV's subject matter expert on CMMC 2.0 requirements, assessment objectives, scoping rules, and evidence expectations.
Lead detailed gap analyses across technical, administrative, and physical controls to identify deficiencies and required remediation.
Translate CMMC practices into clear, actionable technical requirements for IT, Engineering, Security, Facilities, HR, and other impacted teams.
Guide and validate the implementation of required controls, ensuring alignment with CMMC and NIST SP 800-171 assessment criteria.
Support CUI scoping activities including asset inventory validation, boundary definition, and data flow mapping.
Compliance Program Execution
Support the development, implementation, and maintenance of cybersecurity compliance programs aligned with CMMC, SOX, UKCE, ITAR, EAR, and other regulatory requirements.
Maintain compliance with external regulations and internal policies, ensuring consistent application across all in-scope systems and processes.
Develop and implement compliance policies, procedures, and standards for cybersecurity, and assist other functional organizations in developing their own.
Coordinate with IT Infrastructure, Enterprise Systems, Legal, Risk Management, and other departments to ensure compliance requirements are understood and executed.
Audit Readiness & Evidence Management
Lead the creation, refinement, and maintenance of compliance documentation including SSPs, POA&Ms, ConMon materials, policies, procedures, and evidence artifacts.
Establish structured evidence collection and artifact management processes to ensure audit readiness.
Perform internal readiness assessments, mock audits, and control testing to prepare AV for C3PAO evaluation.
Oversee compliance audits and assessments, ensuring timely remediation and accurate reporting.
Collaborate with external advisors, consultants, and assessors to support readiness and certification activities.
Risk Management & Reporting
Conduct risk assessments and provide recommendations to mitigate cybersecurity and compliance risks.
Assess and report progress toward compliance objectives, including readiness status and control maturity.
Advise leadership on compliance risks, technical challenges, and factors that may impact certification timelines or sustainment.
Generate reports for senior cybersecurity leadership and contribute to executive-level updates.
Training, Communication & Cross-Functional Support
Provide guidance and training to employees on cybersecurity compliance matters, including role-based CMMC responsibilities.
Develop awareness materials and communication strategies to support compliance adoption across the organization.
Represent the cybersecurity function in meetings, planning sessions, and cross-functional initiatives.
Basic Qualifications (Required Skills & Experience)
Bachelor's degree in Information Systems, Cybersecurity, Engineering, or related field (or equivalent experience).
Extensive hands-on experience with CMMC 2.0, NIST SP 800-171, and DoD cybersecurity requirements.
Demonstrated expertise conducting CMMC gap analyses, readiness assessments, and control evaluations.
Strong technical understanding of security controls across access control, configuration management, incident response, logging/monitoring, vulnerability management, and secure system design.
Experience implementing and validating technical, administrative, and physical controls required for CMMC compliance.
Deep familiarity with CUI handling requirements, enclave design, and scoping methodologies.
Experience supporting or preparing for third-party assessments or regulatory audits.
Strong communication and interpersonal skills with the ability to guide and influence technical and non-technical teams.
Proficiency with compliance tracking tools, GRC platforms, or evidence management systems.
Ability to work independently and as part of a team; may manage small teams or project groups.
Travel may be required.
Other Qualifications & Desired Competencies
Certifications such as CCP, CCA, CISSP, Security+, CISM, or similar preferred.
Experience in defense, aerospace, manufacturing, or other DoD-regulated industries strongly preferred.
Experience interpreting and applying ITAR, EAR, SOX, and other regulatory requirements.
Strong analytical skills, attention to detail, and commitment to producing high-quality compliance documentation.
Ability to influence at all levels of the organization and drive clarity in complex, ambiguous environments.
Demonstrated leadership qualities including collaboration, adaptability, and a commitment to continuous improvement.
Alignment with AV Values (Trust & Teamwork, Customer Commitment, Ownership & Results, Innovate & Simplify).
Physical Demands
Ability to sit, stand, stoop, reach, lift (up to 10 lbs.), bend, etc. Hand and wrist dexterity to utilize the computer.
May require travel to sites/program and special functions.
Environmental Conditions Critical to Performance:
Work is in an office environment, climate controlled through central air conditioning/heating.
May have some exposure to outside environment while traveling.
Special Requirements
U.S. Citizen, U.S. Permanent Resident (Green Card holder) or asylee/refugee status as defined by 8 U.S.C. 1324b(a)(3) required.
Must be able to travel within the Continental U.S. and internationally when required.
Location: Open to Remote locations across the U.S.
Clearance Level
No Clearance
The salary range for this role is:
$0 - $0
AeroVironment considers several factors when extending an offer, including but not limited to, the location, the role and associated responsibilities, a candidate's work experience, education/training, and key skills.
ITAR Requirement:
This position requires access to information that is subject to compliance with the International Traffic Arms Regulations ("ITAR") and/or the Export Administration Regulations ("EAR"). In order to comply with the requirements of the ITAR and/or the EAR, applicants must qualify as a U.S. person under the ITAR and the EAR, or a person to be approved for an export license by the governing agency whose technology comes under its jurisdiction. Please understand that any job offer that requires approval of an export license will be conditional on AeroVironment's determination that it will be able to obtain an export license in a time frame consistent with AeroVironment's business requirements. A "U.S. person" according to the ITAR definition is a U.S. citizen, U.S. lawful permanent resident (green card holder), or protected individual such as a refugee or asylee. See 22 CFR § 120.15. Some positions will require current U.S. Citizenship due to contract requirements.
Benefits : AV offers an excellent benefits package including medical, dental vision, 401K with company matching, a 9/80 work schedule and a paid holiday shutdown. For more information about our company benefit offerings please visit: http://www.avinc.com/myavbenefits .
We also encourage you to review our company website at http://www.avinc.com to learn more about us.
Principals only need apply. NO agencies please.
About AV:
AV isn't for everyone. We hire the curious, the relentless, the mission-obsessed. The best of the best.
We don't just build defense technology-we redefine what's possible. As the premier autonomous systems company in the U.S., AV delivers breakthrough capabilities across air, land, sea, space, and cyber. From AI-powered drones and loitering munitions to integrated autonomy and space resilience, our technologies shape the future of warfare and protect those who serve.
Founded by legendary innovator Dr. Paul MacCready, AV has spent over 50 years pushing the boundaries of what unmanned systems can do. Our heritage includes seven platforms in the Smithsonian-but we're not building history, we're building what's next.
If you're ready to build technology that matters-with speed, scale, and purpose-there's no better place to do it than AV.
We are proud to be an EEO/AA Equal Opportunity Employer, including disability/veterans. AeroVironment, Inc. is an Equal Employment Opportunity (EEO) employer and welcomes all qualified applicants. Qualified applicants will receive fair and impartial consideration without regard to race, sex, color, religion, national origin, age, disability, protected veteran status, genetic data, sexual orientation, gender identity or other legally protected status.
ITAR
U.S. Citizen, U.S. Permanent Resident (Green Card holder), asylee/refugee status as defined by 8 U.S.C. 1324b(a)(3) or a person approved for an export license from the appropriate governing agency.
About AV:
AV isn't for everyone. We hire the curious, the relentless, the mission-obsessed. The best of the best.
We don't just build defense technology-we redefine what's possible. As the premier autonomous systems company in the U.S., AV delivers breakthrough capabilities across air, land, sea, space, and cyber. From AI-powered drones and loitering munitions to integrated autonomy and space resilience, our technologies shape the future of warfare and protect those who serve.
Founded by legendary innovator Dr. Paul MacCready, AV has spent over 50 years pushing the boundaries of what unmanned systems can do. Our heritage includes seven platforms in the Smithsonian-but we're not building history, we're building what's next.
If you're ready to build technology that matters-with speed, scale, and purpose-there's no better place to do it than AV.
Careers at AeroVironment (https://www.avinc.com/careers/our-team)
